To defend against cyber attacks, it is helpful to know who the hackers are, what they do, how they coordinate with each other and, above all, how criminal hacking organizations work. To find out, we snuck into a criminal group – here’s what we found.
The term hacker derives from the English verb to hack, meaning to cut or chop apart. Taking up the definition in the Treccani dictionary, a hacker is someone who, “using his knowledge of the programming technique of electronic computers, is able to illegally penetrate a computer network to use the data and information contained therein, for the most part in order to increase the degrees of freedom of a closed system and to teach others how to keep it free and efficient”.
Few people know what goes on behind the scenes of the term hacker: what tools they use, how they coordinate, and what their goals are. To find out, we describe below how the criminal group that we will call by the fictitious name BadKitties operates.
It was a day like any other and, as every evening, I checked my “trap” computers, deliberately left vulnerable to RDP brute-force attacks against the “administrator” and “admin” accounts. As usual they had been breached, and in the folders monitored by my scripts I found malware other than the ransomware that usually turns up in these situations.
I immediately set about analysing the machine to find what the attacker who had connected before me had left behind; looking at the running processes, I saw unknown executables launched by scheduled tasks that I had not created, and they were malicious.
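The brute-force burst described above is exactly what the Windows Security log records: a run of failed logons (Event ID 4625) followed, when a guess succeeds, by a successful one (Event ID 4624) from the same address. The following script is an added example, not part of the original article; it assumes the events have been exported to CSV with the columns shown (the sample lines are constructed, using documentation-range IP addresses) and flags any source that produces a burst of RDP failures, noting whether a successful logon followed it.

```python
"""Detect RDP brute-force bursts in an exported Windows Security log."""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Event 4625 = failed logon, 4624 = successful
# logon, logon_type 10 = RemoteInteractive (RDP). IPs are documentation ranges.
SAMPLE_EVENTS = """\
time,event_id,logon_type,account,source_ip
2023-05-01T22:01:03,4625,10,administrator,203.0.113.7
2023-05-01T22:01:04,4625,10,admin,203.0.113.7
2023-05-01T22:01:06,4625,10,administrator,203.0.113.7
2023-05-01T22:01:07,4625,10,admin,203.0.113.7
2023-05-01T22:01:09,4625,10,administrator,203.0.113.7
2023-05-01T22:01:11,4625,10,administrator,203.0.113.7
2023-05-01T22:03:40,4624,10,administrator,203.0.113.7
2023-05-01T09:15:00,4625,10,jsmith,198.51.100.20
2023-05-01T09:15:30,4624,10,jsmith,198.51.100.20
2023-05-01T12:00:00,4625,3,svc_backup,192.0.2.9
"""


def parse_events(text):
    """Parse the CSV export into dicts sorted by time."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        events.append({
            "time": datetime.fromisoformat(row["time"]),
            "event_id": int(row["event_id"]),
            "logon_type": int(row["logon_type"]),
            "account": row["account"].lower(),
            "source_ip": row["source_ip"],
        })
    events.sort(key=lambda e: e["time"])
    return events


def find_rdp_bruteforce(events, window=timedelta(minutes=5), threshold=5):
    """Return {source_ip: report} for sources with >= threshold RDP failures
    inside any `window`-long interval. Thresholds are assumptions; tune them."""
    by_ip = defaultdict(list)
    for e in events:
        if e["logon_type"] == 10:          # only RDP logons matter here
            by_ip[e["source_ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["event_id"] == 4625]
        # Sliding window over the sorted failures: largest count within `window`.
        best, start, burst_end = 0, 0, None
        for end in range(len(failures)):
            while failures[end]["time"] - failures[start]["time"] > window:
                start += 1
            count = end - start + 1
            if count > best:
                best, burst_end = count, failures[end]["time"]
        if best < threshold:
            continue
        # A successful RDP logon from the same IP after the burst means a guess
        # probably worked: escalate as a likely compromise, not just noise.
        success_after = any(
            e["event_id"] == 4624 and e["time"] >= burst_end for e in evs
        )
        findings[ip] = {
            "max_failures_in_window": best,
            "accounts": sorted({e["account"] for e in failures}),
            "success_after_burst": success_after,
        }
    return findings


if __name__ == "__main__":
    for ip, report in find_rdp_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(ip, report)
```

The single failed attempt from the legitimate user and the non-RDP failure are ignored; only the source that hammered the two default account names, and then got in, is reported.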
BadKitties is a well-structured hacker group made up, to date, of more than 400 members. Starting your career within this criminal group is relatively easy. As soon as you receive an invitation from a member, you will need to contact the group leader through a “Telegram Bot” to be given instructions to start “working” in the sector.
After sending the bot’s contact request, I didn’t have to wait more than 10 minutes for “X” to send me a direct message: the speed with which I received the feedback was incredible.
We then began to write to each other via Telegram. After collecting some information about the group dynamics, I began to ask about him and what his role was within the organization.
Without hesitation, he told me that he was the “Boss” of the group and that, because of a misunderstanding, he had taken me for someone else from whom he was expecting a message: from that moment we got to the heart of the matter and the most important things were explained to me.
In the Telegram group used for communications and for selling information, the “Files” section contains TXT files in CSV format holding large databases of credentials for various kinds of sites and services; some of the brands present are:
Other files that can be found are old versions of web scanners, batch scripts, key generators, ransomware payload generators, various databases of leaked data, IP lists and much more.
The platform guarantees a certain level of anonymity, and bots can also be used to serve, in an automated way, the needs of those who run these “teams”.
Today, the most common and effective attacks reach our systems through email, using various methods of varying effectiveness. Here are some examples:
Usually the most effective malware is the kind that looks “most ordinary”: by now everyone knows that an executable (.exe) received by email should not be opened, but few know that even “Microsoft” files such as Word (.doc), Excel (.xls) and PowerPoint (.ppt) can contain macros written in Visual Basic which, once enabled, can compromise the whole device and, in the worst cases, the entire IT infrastructure.
The following are the most used extensions for email attacks:
To detect an attack effectively, you need to be aware that anything that reaches us by email can compromise our system after a few clicks.
With this firmly in mind, pay attention to grammatical errors, unexpected changes of details from one of our suppliers or customers, requests for special permissions in order to open attached files and, finally, the time at which the email was received relative to opening hours.
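The checks above (risky file types, Office documents carrying macros, and mail arriving outside working hours) can be turned into an automated first pass over incoming attachments. The script below is an added example, not from the original article; the extension lists and the business-hours window are my own assumptions, and the two Office documents it inspects are constructed in memory (a minimal OOXML zip with and without a vbaProject.bin part). For modern Office files it looks for the embedded VBA project directly; for legacy binary formats it only confirms the OLE signature and flags them for closer inspection.

```python
"""Triage email attachments for macro-bearing documents and other risky types."""
import io
import zipfile
from datetime import datetime

# Assumed lists (not taken from the article). Types in DIRECT_EXECUTION run as
# soon as they are opened; OOXML files can embed a VBA project; legacy binary
# Office files can carry macros too but need a dedicated parser to read them.
DIRECT_EXECUTION = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "jse",
                    "vbs", "vbe", "wsf", "hta", "ps1", "lnk"}
OFFICE_OOXML = {"docx", "docm", "xlsx", "xlsm", "pptx", "pptm", "dotm", "xltm"}
OFFICE_LEGACY = {"doc", "xls", "ppt", "dot", "xlt"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # signature of OLE compound files


def attachment_findings(filename, data):
    """Return the reasons an attachment deserves scrutiny (empty list = none)."""
    reasons = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    # "invoice.pdf.exe": the inner extension is what many mail clients display.
    if len(parts) > 2 and parts[-2] in {"pdf", "doc", "jpg", "txt"}:
        reasons.append("double extension disguising file type")
    if ext in DIRECT_EXECUTION:
        reasons.append(f"directly executable type .{ext}")
    if ext in OFFICE_OOXML:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            names = []
            reasons.append("Office extension but not a valid OOXML container")
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            reasons.append("OOXML document embeds a VBA macro project")
    if ext in OFFICE_LEGACY:
        if data.startswith(OLE_MAGIC):
            reasons.append("legacy binary Office file: may carry VBA macros, inspect before opening")
        else:
            reasons.append("Office extension but content is not an OLE file")
    return reasons


def received_outside_hours(received, start_hour=8, end_hour=19):
    """True if the mail arrived at the weekend or outside the assumed business day."""
    return received.weekday() >= 5 or not (start_hour <= received.hour < end_hour)


def triage(filename, data, received):
    """Combine content checks with the receipt-time check from the text."""
    reasons = attachment_findings(filename, data)
    if received_outside_hours(received):
        reasons.append("received outside business hours")
    return reasons


def build_macro_docm():
    """Constructed sample: minimal OOXML zip that includes a VBA project part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\x00constructed")
    return buf.getvalue()


def build_plain_docx():
    """Constructed sample: the same container without any macro project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


if __name__ == "__main__":
    when = datetime(2023, 5, 1, 10, 0)           # a Monday morning
    print(triage("Invoice_2023.docm", build_macro_docm(), when))
    print(triage("report.docx", build_plain_docx(), when))
    print(triage("Invoice.pdf.exe", b"MZ", datetime(2023, 5, 6, 23, 0)))
```

A real deployment would feed this from the mail gateway and hand legacy OLE files to a proper macro parser; the point here is that extension, container contents and arrival time are all cheap signals worth checking before anyone clicks.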
Most malware campaigns are targeted at emails with company domains, but even a private user can fall into the dense web of spam.
Unfortunately, the most significant vulnerability is human interaction. The only patch is education and awareness of what can happen when working with any internet-connected device.
To conclude, some practical measures to mitigate cyberattacks are: